Security
Headlines
HeadlinesLatestCVEs

Tag

#.NET Framework

CVE-2024-29059: .NET Framework Information Disclosure Vulnerability

\*\*What type of information could be disclosed by this vulnerability? \*\* An attacker who successfully exploited this vulnerability could obtain the ObjRef URI which could lead to Remote Code Execution.

Microsoft Security Response Center
#vulnerability#java#rce#.NET Framework#Security Vulnerability
CVE-2024-21312: .NET Framework Denial of Service Vulnerability

**According to the CVSS metric, the privileges required is none (PR:N). What does that mean for this vulnerability?** The score is based on websites/apps that are configured to allow anonymous access without authentication. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.

CVE-2023-36049: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

**How could an attacker exploit this vulnerability?** To exploit this vulnerability an attacker would have to inject arbitrary commands to the FTP server.

CVE-2023-36788: .NET Framework Remote Code Execution Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** Exploitation of this vulnerability requires that a user trigger the payload in the application.

CVE-2023-36873: .NET Framework Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to create a crafted certificate in order to validate themselves as a trusted source.

CVE-2023-36873: .NET Framework Spoofing Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to create a crafted certificate in order to validate themselves as a trusted source.

CVE-2023-29326: .NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.

CVE-2023-29326: .NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.

CVE-2023-21722: .NET Framework Denial of Service Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

CVE-2022-41089: .NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.